Doth Privacy Professionals protest too much?

If you didn't know any better and as a point of reference only considered recent pronouncements of what online social media sites search engines and mobile phone apps are doing with your data, you may just be frightened enough to go back to using smoke signal and carrier pigeons to communicate with the outside world.

There exists however a dichotomy of realities. On one hand, privacy professionals like me feel it is our God-given duty as the more informed of the two parties to relay and convey the risk and (apparently few) rewards of living in a digital world. (Just like you expect valid financial advice from your accountant; she knows more than you, you hope.) You can’t pick up any newspaper, magazine or online article without being threatened with identity Armageddon by the use of facebook, Google, Angry Birds, Hootsuite, Pandora, Yelp...and on and on and on. At what point do privacy experts stop being valued advisors and move toward simply being paternalistic and saving us from ourselves? Or worse: becoming crybabies?

We as users of technologies (me included) profess to care about our privacy, but the reality of the situation is that we generally do in practice the opposite of what we say. We have even given out our passwords and usernames to "researchers" for free chocolate. ISACA, a global information security association, recently published a survey that indicated 43% of people do not read the agreements on location-based apps before downloading them, and of those who do read the agreements, 25% believe these agreements are not clear about how location information is being used. (What is not really made clear in the statistics is how many of the users who read how their data is being used, still downloaded the app? More than 43%, I’ll bet.) Released late last week, the latest edition of the Angry Birds franchise was downloaded 10 million times in its first three days. How many people read the privacy policy, do you think? Every Apple iPhone update I have ever received on my phone has presented the policy and terms of use in no less than 60 pages.

It is probably the case that we have become desensitized to the news of our data being hacked, stolen or misused which has resulted in the inertia of most people to these events. When you are the recipient of a half-dozen of these "we lost a backup tape" or "a laptop was stolen" letters, and there is not an immediate 'sky is falling' event which follows, one becomes complacent; we start to ignore everything about the warnings, even when we should not. That state of being is called 'habituation.' According to www.animalbehavavioronline.com (how’s that for a source!), habituation is "an extremely simple form of learning, in which an animal, after a period of exposure to a stimulus, stops responding. In the nervous system, sensory systems may stop, after a while, sending signals to the brain in response to a continuously present or often-repeated stimulus."

Politicians even now feel the need to publically bully technology firms since it is easy work for them and it makes it seem like Washington is actually doing something. With approval rates for Congress at historic lows, politicians feel the need to get as much visibility as possible, even if it means digressing into areas about which they have no knowledge, expertise or clue. (I wonder - has every problem facing Congress already been solved that they now have to worry about what the iFart app does with my personal information?!)

The facts of the situation are this: use of facebook or Google is not mandatory (really, they're not!); you can still switch back to Friendster, Bing and MySpace if you'd like. Here's a corollary illustration. I recently had a bad experience with a car brand and dealer. When my lease came up for renewal, not only did I not purchase that car, but I did not and will not buy another car from that dealer. In fact, I won't even buy the same brand of car because that dealer is the only one for that brand in a 50 mile radius, so I would have to take my car to that dealer. So what did I do? Actually, what did I not do? I did not ask government to regulate or step in to review this lousy dealer, I voted with my feet and took my business elsewhere.

It is true in most professions around the world that we tend to create and discuss ideas only within our professional bubble; at best, instead of just talking about bacon for breakfast, you may move to turkey bacon. It is rare if the discussion ever moves to dim sum. The same ideas, solutions and concepts are debated by and for the same people. So when a person or people in your group doth protest too much, he or she may be really only doing so for the benefit (or entertainment) of just the same circle of colleagues he or she interacts with.